diff --git a/tests/bats/11_bouncers_tls.bats b/tests/bats/11_bouncers_tls.bats index 80c08d112..39fa8027f 100644 --- a/tests/bats/11_bouncers_tls.bats +++ b/tests/bats/11_bouncers_tls.bats @@ -10,7 +10,8 @@ config_disable_agent() { setup_file() { load "../lib/setup_file.sh" ./instance-data load - tmpdir=$(mktemp -d) + + tmpdir="${BATS_FILE_TMPDIR}" export tmpdir CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" @@ -48,7 +49,6 @@ setup_file() { teardown_file() { load "../lib/teardown_file.sh" - rm -rf "${tmpdir}" } setup() { @@ -62,12 +62,12 @@ teardown() { #---------- -@test "${FILE} there are 0 bouncers" { +@test "there are 0 bouncers" { run -0 cscli bouncers list -o json assert_output "[]" } -@test "${FILE} simulate one bouncer request with a valid cert" { +@test "simulate one bouncer request with a valid cert" { run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 assert_output "null" run -0 cscli bouncers list -o json @@ -79,19 +79,19 @@ teardown() { run cscli bouncers delete localhost@127.0.0.1 } -@test "${FILE} simulate one bouncer request with an invalid cert" { +@test "simulate one bouncer request with an invalid cert" { run curl -s --cert "${tmpdir}/bouncer_invalid.pem" --key "${tmpdir}/bouncer_invalid-key.pem" --cacert "${tmpdir}/ca-key.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "${FILE} simulate one bouncer request with an invalid OU" { +@test "simulate one bouncer request with an invalid OU" { run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 run -0 cscli bouncers list -o json assert_output "[]" } -@test "${FILE} simulate one bouncer request with a revoked certificate" { +@test "simulate one bouncer request with a revoked certificate" { run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42 assert_output --partial "access forbidden" run -0 cscli bouncers list -o json diff --git a/tests/bats/30_machines_tls.bats b/tests/bats/30_machines_tls.bats index 574506d43..2b5d0f63b 100644 --- a/tests/bats/30_machines_tls.bats +++ b/tests/bats/30_machines_tls.bats @@ -3,11 +3,18 @@ set -u +config_disable_agent() { + yq e 'del(.crowdsec_service)' -i "${CONFIG_YAML}" +} + setup_file() { load "../lib/setup_file.sh" ./instance-data load - tmpdir=$(mktemp -d) + CONFIG_DIR=$(dirname "${CONFIG_YAML}") + export CONFIG_DIR + + tmpdir="${BATS_FILE_TMPDIR}" export tmpdir CFDIR="${BATS_TEST_DIRNAME}/testdata/cfssl" @@ -40,6 +47,8 @@ setup_file() { .api.server.tls.agents_allowed_ou=["agent-ou"] ' -i "${CONFIG_YAML}" + run -0 cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX + config_disable_agent } teardown_file() { @@ -48,7 +57,6 @@ teardown_file() { setup() { load "../lib/setup.sh" - cscli machines delete githubciXXXXXXXXXXXXXXXXXXXXXXXX } teardown() { @@ -57,9 +65,7 @@ teardown() { #---------- -@test "${FILE} invalid OU for agent" { - CONFIG_DIR=$(dirname "${CONFIG_YAML}") - +@test "invalid OU for agent" { yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" | @@ -67,18 +73,13 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start - #let the agent start - sleep 2 run -0 cscli machines list -o json assert_output '[]' } -@test "${FILE} we have exactly one machine registered with TLS" { - CONFIG_DIR=$(dirname "${CONFIG_YAML}") - +@test "we have exactly one machine registered with TLS" { yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent-key.pem" | @@ -86,23 +87,17 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start - #let the agent start - sleep 2 + run -0 cscli lapi status run -0 cscli machines list -o json run -0 jq -c '[. | length, .[0].machineId[0:32], .[0].isValidated, .[0].ipAddress, .[0].auth_type]' <(output) assert_output '[1,"localhost@127.0.0.1",true,"127.0.0.1","tls"]' cscli machines delete localhost@127.0.0.1 - - ./instance-crowdsec stop } -@test "${FILE} invalid cert for agent" { - CONFIG_DIR=$(dirname "${CONFIG_YAML}") - +@test "invalid cert for agent" { yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" | @@ -110,18 +105,13 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start - #let the agent start - sleep 2 run -0 cscli machines list -o json assert_output '[]' } -@test "${FILE} revoked cert for agent" { - CONFIG_DIR=$(dirname "${CONFIG_YAML}") - +@test "revoked cert for agent" { yq e ' .ca_cert_path=strenv(tmpdir) + "/inter.pem" | .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" | @@ -129,11 +119,8 @@ teardown() { .url="https://127.0.0.1:8080" ' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.login)' -i "${CONFIG_DIR}/local_api_credentials.yaml" - yq e 'del(.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" + yq e 'del(.login,.password)' -i "${CONFIG_DIR}/local_api_credentials.yaml" ./instance-crowdsec start - #let the agent start - sleep 2 run -0 cscli machines list -o json assert_output '[]' }